Vulnerability Details CVE-2024-28396
An issue in MyPrestaModules ordersexport v.6.0.2 and before allows a remote attacker to execute arbitrary code via the download.php component.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.9%
CVSS Severity
CVSS v3 Score 7.5
References
- https://addons.prestashop.com/en/data-import-export/17596-orders-csv-excel-export-pro.html
- https://security.friendsofpresta.org/modules/2024/03/14/ordersexport.html
- https://addons.prestashop.com/en/data-import-export/17596-orders-csv-excel-export-pro.html
- https://security.friendsofpresta.org/modules/2024/03/14/ordersexport.html
Products affected by CVE-2024-28396
-
_excel)_export_pro:1.0.3
-
_excel)_export_pro:1.0.4
-
_excel)_export_pro:1.0.6
-
_excel)_export_pro:1.0.7
-
_excel)_export_pro:1.0.8
-
_excel)_export_pro:1.1.0
-
_excel)_export_pro:5.1.0
-
_excel)_export_pro:5.1.1
-
_excel)_export_pro:5.1.2
-
_excel)_export_pro:5.1.3
-
_excel)_export_pro:5.1.5
-
_excel)_export_pro:5.1.6
-
_excel)_export_pro:5.2.0
-
_excel)_export_pro:5.2.1
-
_excel)_export_pro:5.2.2
-
_excel)_export_pro:5.2.3
-
_excel)_export_pro:6.0.0
-
_excel)_export_pro:6.0.1
-
_excel)_export_pro:6.0.2
-
cpe:2.3:a:myprestamodules:orders_(csv